Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
166
Views
0
Helpful
2
Replies

PAT query (TCP) (in general, but also ASA specific)

Youreateapot418
Level 1
Level 1

‎02-20-2025 01:41 AM

So, before anyone goes on the "just design a better solution" train. This is more for educational purposes.

We had a lab setup, which when a failover happened, the PAT session was oblivious to this, so stayed "UP". 

However, the client system knew, so restarted the TCP process (3 way handshake).

Server and FW PAT session stayed active. 

This new 3 way handshake transited the existing PAT session, and the server then sent "RST", (as it should, because why would an active session need a 3 way handshake again).

My query is. When we manually clear a PAT session via CLI in a router or ASA (clear NAT translations, or xlate), does that send a "RST" also in both directions, or does it just disappear and the end systems (if still transmitting) just start another PAT session (which would then be out of sync with new 5tuple, and the connection would fail, timeout, then re-set)?

 

0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎02-20-2025 02:07 AM

clear xlate not force FW to send RST 
clear host or clear conn force FW to send RST

MHM

0 Helpful

paul driver
VIP
VIP

‎02-20-2025 02:24 AM

Hello
Good question - TBH no sure of the rst towards the client but it does clear the entry from the nat table and that gets recreated.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents